apify-actorization
Fail
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The file 'references/cli-actorization.md' includes a Dockerfile command that retrieves a script from a URL and pipes it straight to a shell for execution. The URL points at the 'master' branch rather than a pinned commit, and the script is executed without any checksum or signature check, so the code run at build time can change between builds without any change to the Dockerfile.
- Evidence: 'RUN curl --silent --location https://raw.githubusercontent.com/houseabsolute/ubi/master/bootstrap/bootstrap-ubi.sh | sh'
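The check a practitioner would apply to the flagged 'curl | sh' line is to fetch the script to a file, compare its SHA-256 against a value pinned in the Dockerfile, and only then execute it. The following is an added example, not code from the audited skill or from the 'ubi' project: it defines a 'run_verified' helper and exercises it against a locally constructed stand-in script so it runs offline. The checksum placeholders in the Dockerfile comment, the commit placeholder in the URL, and the fixture script are assumptions for illustration, not the real digest of 'bootstrap-ubi.sh'.

```shell
#!/bin/sh
# Added example: execute a downloaded installer script only after its SHA-256
# matches a pinned value, instead of piping an unpinned download into sh.
# The fixture script and hashes below are constructed for this demonstration.

set -u

# sha256_of FILE -> prints the hex digest; works with sha256sum (GNU) or shasum (BSD/macOS)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# run_verified SCRIPT EXPECTED_SHA256
# Runs SCRIPT with sh only if its digest equals EXPECTED_SHA256.
# Returns 0 when the script ran; returns 1 and does NOT execute it on mismatch.
run_verified() {
    script="$1"
    expected="$2"
    actual="$(sha256_of "$script")"
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $script: expected $expected, got $actual" >&2
        return 1
    fi
    sh "$script"
}

# The equivalent hardened Dockerfile step (placeholders <commit-sha> and
# <pinned-sha256> are assumptions to be filled in by whoever pins the script):
#   RUN curl --silent --location --fail -o /tmp/bootstrap-ubi.sh \
#         https://raw.githubusercontent.com/houseabsolute/ubi/<commit-sha>/bootstrap/bootstrap-ubi.sh \
#    && echo "<pinned-sha256>  /tmp/bootstrap-ubi.sh" | sha256sum -c - \
#    && sh /tmp/bootstrap-ubi.sh

# Offline demonstration: a constructed local script stands in for the download.
demo_script="$(mktemp)"
printf '%s\n' '#!/bin/sh' 'echo "installer ran"' > "$demo_script"
good_hash="$(sha256_of "$demo_script")"
# A deliberately wrong digest, simulating a script that changed after pinning.
bad_hash="0000000000000000000000000000000000000000000000000000000000000000"

run_verified "$demo_script" "$good_hash" && echo "verified: executed"
run_verified "$demo_script" "$bad_hash" || echo "mismatch: refused to execute"
```

Pinning the commit in the URL stops silent drift of the fetched content; the checksum check is what actually fails the build if the content differs from what was reviewed, so both are needed.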
- [EXTERNAL_DOWNLOADS]: The skill instructions involve downloading software components from various external sources.
- Evidence: Installation of the 'ubi' utility from the 'houseabsolute/ubi' repository.
- Evidence: Installation of 'apify-cli' via Homebrew or NPM.
- [COMMAND_EXECUTION]: The skill requires the user to execute multiple CLI commands and shell scripts.
- Evidence: Running 'apify init', 'apify run', and 'apify push' commands.
- Evidence: Creation and execution of a 'start.sh' wrapper script within a Docker container.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it processes untrusted input schemas and project files as part of the agent's working context.
- Ingestion points: The contents of '.actor/input_schema.json' and the source code of the project being converted enter the agent context.
- Boundary markers: The instructions contain no explicit delimiters around ingested project data and no warning to ignore instructions embedded in it.
- Capability inventory: The skill uses subprocess execution ('apify run') and network uploads ('apify push'), as seen in 'SKILL.md', so injected instructions would have local execution and exfiltration capabilities available to them.
- Sanitization: There is no evidence of input validation or escaping for the external data ingested during the actorization process.
Recommendations
- AI analysis detected serious security threats; see the findings above.
Audit Metadata